MUA "automatically signs keys"?

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Thu Jan 30 01:04:17 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 29 January 2014 at 7:57:12 PM, in
<mid:6757499.FAIGtOWeFj at mani>, Johannes Zarl wrote:


> Under the assumption
> that an attacker can't reliably do a MITM attack on
> every message that is sent over an extended time
> period

Why would that be assumed? In a corporate setting the MITM could be
placed within the company's network, for a home user their ISP or
email provider could be used, and for mobiles, the phone network.



> , you would place almost no trust in a fresh
> persona-certified key, but high trust in an old and
> frequently encountered key.

The older the key, the greater the opportunity for compromise.



> The trust would grow with
> time (just like the trust into someone you know in real
> life).

If a person I knew well in real life were "compromised" they are
likely a poor enough actor for it to be easily-noticed.




- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

The second mouse gets the cheese
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlLplxVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5p/PAEAMLzMDuW9+rogvLcrYKTKPZOZDyfj3CwaG+l
h5IjlkH1I+wsYooLti/c8hBklE1RxHXlbDjnmjph88IAK2+hHvBtC+HUra+2BZbp
KxDeYvthnSeeZ7R1Ry3yX9c7OUO4J2xAZPCVTFmmBoX06jf/nBBHQGAelmnrTF5L
dXkfQPTu
=8zBv
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list